
Re: Server hacked - next...?



Shri Shrikumar:
> On Thu, 2003-07-03 at 22:30, Mario Lopez wrote:
> > In any case, if you have an LKM rootkit, you're done; it doesn't matter if
> > you upload static, dynamic or whatever. Kernel rootkits are hard to
> > find; not even lsmod or rmmod can help you, because it is quite easy to
> > make a kernel module unloadable or even hidden. Some of you may be
> > thinking that they are safe from those kinds of attacks because they
> > have disabled kernel module support in their kernel; well, they are
> > wrong :). There is code, and nice white papers, explaining how to
> > insert kernel code through /proc/kmem. If I am not wrong, Silvio
> > Cesare developed this technique two or three years ago. Although it
> > hasn't been exploited too much, you must be aware of its existence.
> 
> I don't have module support and I don't have /proc/kmem. Am I missing
> something? Running 2.4.20.
> 
> 
I'm sure he meant /dev/kmem


